<?php
session_start();


//connect to database with connection page information

require "connect.php";


switch (@$_GET['do']) 
{
case 'login':

$sql_s_user = mysql_query ("SELECT username FROM user WHERE username='$_POST[myusername]'");
$num = mysql_num_rows($sql_s_user); 

if ($num == 1) // login name was found
	{
	//encrypt entered password
	$sub_pw = md5($_POST['mypassword']);
	$sub_u = $_POST['myusername'];
	
	//compare encrypted string with pw and username
	$sql_s_pw = mysql_query ("SELECT username, user_id FROM user
	WHERE username = '$sub_u'
	AND password = '$sub_pw'");
	
	$num2 = mysql_num_rows($sql_s_pw);
	$accdata = mysql_fetch_row($sql_s_pw);
	
	if ($num2 > 0) // password is correct
		{
		//set session variables 
		$_SESSION['auth']='yes'; 
		$login=$accdata[0];
		$_SESSION['login'] = $login; 
		$today = date('Y-m-d h:m:s'); 
		
				//create a record of the user login
		
		$_SESSION['user'] = $accdata[1];
		
		$sql_i_ldata = "INSERT INTO user_login (user_id, login)
		VALUES ('$accdata[1]','$today')";
		
		mysql_query($sql_i_ldata);
		
		//redirect to successful login page
		header('Location: booktest.php');
		}
	else // password is not correct
		{
		$_SESSION['auth']='no';
		unset($do); 
		$message="Invalid username/password combination". "<br\>";
		include('loginform.inc'); 
		}
	}
else if ($num == 0) //login name not found
	{
	$_SESSION['auth']='no';
	unset($do);
	$message="Invalid username/password combination". "<br\>";
	include('loginform.inc');
	}
		
break;

case 'new':

foreach($_POST as $field => $value) 
	{ 
	if ($value == '')  
		{ 
		unset($_GET['do']); 
		$message_new = "Required information is missing. Please try again."; 
		include('loginform2.inc'); 
		exit(); 
		} 
	}

/* check to see if login name already exists */ 

$newpass = $_POST['newpass'];
$newname = $_POST['newname'];
$newfname = $_POST['newfname'];
$newlname = $_POST['newlname'];
$newemail = $_POST['newemail'];

$sql_s_user = "SELECT username FROM user WHERE username='$newname'"; 
$sql_r_user = mysql_query($sql_s_user) 
or die("Couldn't execute query." . mysql_error()); 

$num3 = mysql_num_rows($sql_r_user); 

if ($num3 > 0) 
	{ 
	$_SESSION['auth']='no';
	unset($_GET['do']); 
	$message_new = "The username '" . $newname . "' has already been taken by someone quicker (although not necessarily better) than you. Please select another username."; 
	include('loginform2.inc'); 
	exit(); 
	} 

else 
	{ 
	$today = date('Y-m-d');  
	$unpass = $newpass;
	$newpass = md5($newpass);
	
	$sql_i_newu = "INSERT INTO user (first_name, last_name, username, email, creation_date, password) 
	VALUES ('$newfname','$newlname','$newname','$newemail','$today','$newpass')"; 
	
	if (!mysql_query($sql_i_newu))
		{
		echo "Error" . mysql_error();
		}
	else
		{
		//user id is id of last record
		$_SESSION['user']=mysql_insert_id();		
		$_SESSION['auth']="yes";
		//shoud this be login instead of logname? 
		$_SESSION['login'] = $newname;
		$newemail = $_POST['newemail'];
		
		//create a database session for the new user
		$newuser_session = "INSERT INTO user_login (user_id, login)
		VALUES ('$_SESSION[user]','$today')";
		
		mysql_query($newuser_session);
		
		
		// send email to new member 
		$emess = "A new account has been set up for you at Quotationaday.com / Mark's Media Manager."; 
		$emess.= "Your new Member ID and password are: "; 
		$emess.= "\n\n\t$newname\n\t$unpass\n\n"; 
		$emess.= "Thanks! \n\n"; 
		$emess.= "If you have any questions, comments, or problems of a non-medical nature"; 
		$emess.= " please email admin@quotationaday.com"; 
		$ehead= "From: admin@quotationaday.com\r\n";  
		$subj = "Your new beta testing account at quotationaday.com"; 
		
		$mailsend=mail('$newemail','$subj','$emess','$ehead'); 
		
		if (!$mailsend)
		{
		//mail failed
		}
		else
		{
		//mail didn't fail
		}
		
		
		//where should we header?
		header('Location: booktest.php');  
		}
	}

break; 
default:  
include('loginform.inc'); 
}


?> 